The Electronic Frontier Foundation filed a related suit against AT&T on January 31, 2006, alleging that the firm had given NSA access to its database, a charge reiterated in the USA Today article.[9] Verizon and BellSouth have both claimed they were never contacted by the NSA, nor did they provide any information to the agency,[10][11] though US codes of law[12] permit companies to lie about their activities when the President believes that telling the truth would compromise national security.[13]

On May 22, 2006, it was revealed by investigative reporter Seymour Hersh and Wired magazine that the program involved the NSA setting up splitters to the routing cores of many telecoms companies and to major Internet traffic hubs. These provided a direct connection via an alleged "black room" known as Room 641A. This room allows most U.S. telecoms communications and Internet traffic to be redirected to the NSA. The NSA used them to eavesdrop and order police investigations of tens of thousands of ordinary Americans without judicial warrants.

According to a security consultant who worked on the program, "What the companies are doing is worse than turning over records ... they’re providing total access to all the data," and a former senior intelligence official said, "This is not about getting a cardboard box of monthly phone bills in alphabetical order ... the N.S.A. is getting real-time actionable intelligence."[14][15]

On June 30, 2006 USA Today printed a partial retraction about its controversial article the prior month saying: "... USA TODAY also spoke again with the sources who had originally provided information about the scope and contents of the domestic calls database. All said the published report accurately reflected their knowledge and understanding of the NSA program, but none could document a contractual relationship between BellSouth or Verizon and the NSA, or that the companies turned over bulk calling records to the NSA. Based on its reporting after the May 11 article, USA TODAY has now concluded that while the NSA has built a massive domestic calls record database involving the domestic call records of telecommunications companies, the newspaper cannot confirm that BellSouth or Verizon contracted with the NSA to provide bulk calling records to that database ..."[16]

Five days after the story appeared, BellSouth officials said they could not find evidence of having handed over such records. "Based on our review to date, we have confirmed no such contract exists and we have not provided bulk customer calling records to the NSA," the officials said. USA Today replied that BellSouth officials had not denied the allegation when contacted the day before the story was published.[10] Verizon has also asserted that it has not turned over such records.[17]

Companies are permitted by US securities law (15 U.S.C. 78m(b)(3)(A)) to refrain from properly accounting for their use of assets in matters involving national security, when properly authorized by an agency or department head acting under authorization by the President.[13] This legalese essentially means that companies can falsify their accounting reports and lie about their activities when the President decides that it is in the interests of national security to do so. President Bush issued a presidential memorandum on May 5, 2006 delegating authority to make such a designation to Director of National IntelligenceJohn Negroponte, just as the NSA call database scandal appeared in the media.[18]

According to an anonymous source, the database is "the largest database ever assembled in the world,"[1] and contains call-detail records (CDRs) for all phone calls, domestic and international. A call-detail record consists of the phone numbers of the callers and recipients along with time and duration of the call. While the database does not contain specific names or addresses, that information is widely available from non-classified sources.[1]

According to the research group TeleGeography, AT&T (including the former SBC), Verizon, and BellSouth connected nearly 500 billion telephone calls in 2005 and nearly two trillion calls since late 2001.[20] It is reported that all four companies were paid to provide the information to the NSA.[21][22]

Although such a database of phone records would not be useful on its own as a tool for national security,[dubious– discuss] it could be used as an element of broader national security analytical efforts and data mining. These efforts could involve analysts using the data to connect phone numbers with names and links to persons of interest.[23][24] Such efforts have been the focus of the NSA's recent attempts to acquire key technologies from high tech firms in Silicon Valley and elsewhere. Link analysis software, such as Link Explorer or the Analyst's Notebook, is used by law enforcement to organize and view links that are demonstrated through such information as telephone and financial records, which are imported into the program from other sources.[25]Neural network software is used to detect patterns, classify and cluster data as well as forecast future events.[26]

ThinThread, a system designed largely by William Binney, which pre-dated this database, but was discarded for the Trailblazer Project, may have introduced some of the technology which is used to analyze the data [3]. Where ThinThread encrypted privacy data, however, no such measures have been reported with respect to the current system.

In response, the Bush administration defended its activities, while neither specifically confirming or denying the existence of the potentially illegal program.[27] According to the Deputy White House Press Secretary, "The intelligence activities undertaken by the United States government are lawful, necessary and required to protect Americans from terrorist attacks."[1]

Commenting on the apparent incompatibility of the NSA call database with previous assurances by President Bush, former Republican Speaker of the HouseNewt Gingrich told Fox News, "I’m not going to defend the indefensible. The Bush administration has an obligation to level with the American people... I don’t think the way they’ve handled this can be defended by reasonable people."[29]

Later on Meet the Press, Gingrich stated that "everything that has been done is totally legal," and he said the NSA program was defending the indefensible, "because they refuse to come out front and talk about it."[30]

Republican Senator Lindsey Graham told Fox News, "The idea of collecting millions or thousands of phone numbers, how does that fit into following the enemy?"[31]

House Republican Caucus chairwoman Deborah Pryce said, "While I support aggressively tracking al-Qaida, the administration needs to answer some tough questions about the protection of our civil liberties."[32]

Former Republican House Majority Leader John Boehner said, "I am concerned about what I read with regard to NSA databases of phone calls."[33]

In May 2006, former majority leader Trent Lott stated "What are people worried about? What is the problem? Are you doing something you're not supposed to?"[36]

On May 16, 2006, both Verizon[37] and BellSouth[38] stated not only did they not hand over records, but that they were never contacted by the NSA in the first place.

On June 30, 2006, Bloomberg reported the NSA "asked AT&T Inc. to help it set up a domestic call monitoring site seven months before the Sept. 11, 2001 attacks," citing court papers filed June 23, 2006 by lawyers in McMurray v. Verizon Communications Inc., 06cv3650, in the Southern District of New York.[39]

In a Newsweek poll of 1007 people conducted between May 11 and 12, 2006, 53% of Americans said that "the NSA's surveillance program goes too far in invading privacy " and 57% said that in light of the NSA data-mining news and other executive actions the Bush-Cheney Administration has “gone too far in expanding presidential power" while 41% see it as a tool to "combat terrorism" and 35% think the Administration's actions were appropriate.[40]

According to a Washington Post telephone poll of 502 people, conducted on May 11, 63% of the American public supports the program, 35% do not; 66% were not bothered by the idea of the NSA having a record of their calls, while 34% were; 56% however thought it was right for the knowledge of the program to be released while 42% thought it was not.[41] These results were later contradicted by further polls on the subject, specifically a USA Today/Gallup poll showing 51% opposition and 43% support for the program.[42]

The Senate Armed Services Committee was scheduled to hold hearings with NSA whistle-blowerRussell Tice the week following the revelation of the NSA call database. Tice indicated that his testimony would reveal information on additional illegal activity related to the NSA call database that has not yet been made public, and that even a number of NSA employees believe what they are doing is illegal. Tice also told the National Journal that he "will not confirm or deny" if his testimony will include information on spy satellites being used to spy on American citizens from space.[43] However, these hearings did not occur and the reason why is unknown.

In November 2014, an appeals court in Washington heard arguments in the case Klayman v. Obama. During the hearings, Justice Department attorney H. Thomas Byron defended the NSA's collection of phone records and stated that "the government doesn't and never has acquired all or nearly all of the telephone call data records." [48]

Spurred by the public disclosure of the NSA call database, a lawsuit was filed against Verizon on May 12, 2006 at the Federal District Court in Manhattan by Princeton, N.J.-based attorneys Carl Mayer and Bruce Afran. The lawsuit seeks $1,000 for each violation of the Telecommunications Act of 1996, and would total approximately $5 billion if the court certifies the suit as a class-action lawsuit.[49]

Oregon

On May 12, 2006, an Oregon man filed a lawsuit against Verizon Northwest for $1 billion.[50]

Maine

On May 13, 2006, a complaint in Maine was filed by a group of 21 Maine residents who asked the Public Utilities Commission (PUC) to demand answers from Verizon about whether it provided telephone records and information to the federal government without customers' knowledge or consent. Maine law requires the PUC to investigate complaints against a utility if a petition involves at least 10 of the utility's customers.[51]

The Los Angeles Times reported on May 14, 2006, that the U.S. Justice Department called for an end to an eavesdropping lawsuit against AT&T Corp., citing possible damage from the litigation to national security.[52][54]

The most relevant U.S. Supreme Court case is Smith v. Maryland.[57] In that case, the Court addressed pen registers, which are mechanical devices that record the numbers dialed on a telephone; a pen register does not record call contents. The Court ruled that pen registers are not covered by the Fourth Amendment: "The installation and use of a pen register, [...] was not a 'search,' and no warrant was required." More generally, "This Court consistently has held that a person has no legitimate expectation of privacy in information he [...] voluntarily turns over to third parties."

The 1986 Stored Communications Act (18 U.S.C. § 2701) forbids turnover of information to the government without a warrant or court order, the law gives consumers the right to sue for violations of the act.[58][59]

"A governmental entity may require the disclosure by a provider of electronic communication service of the contents of a wire or electronic communication...only pursuant to a warrant issued using the procedures described in the Federal Rules of Criminal Procedure"[60]

However, the Stored Communications Act also authorizes phone providers to conduct electronic surveillance if the Attorney General of the United States certifies that a court order or warrant is not required and that the surveillance is required:

[Telephone providers] are authorized to...intercept...communications or to conduct electronic surveillance...if such provider...has been provided with a certification in writing by...the Attorney General of the United States that no warrant or court order is required by law, that all statutory requirements have been met, and that the specified assistance is required.[61]

The Act provides for special penalties for violators when "the offense is committed...in violation of the Constitution or laws of the United States or any State."[60]

Finally, the act allows any customer whose telephone company provided this information to sue that company in civil court for (a) actual damages to the consumer, (b) any profits by the telephone company, (c) punitive damages, and (d) attorney fees. The minimum amount a successful customer will recover under (a) and (b) is $1,000:

"The court may assess as damages in a civil action under this section the sum of the actual damages suffered by the plaintiff and any profits made by the violator as a result of the violation, but in no case shall a person entitled to recover receive less than the sum of $1,000. If the violation is willful or intentional, the court may assess punitive damages. In the case of a successful action to enforce liability under this section, the court may assess the costs of the action, together with reasonable attorney fees determined by the court." (18 U.S.C. § 2707(c) damages)[60]

President Clinton signed into law the Communications Assistance for Law Enforcement Act of 1994, after it was passed in both the House and Senate by a voice vote. That law is an act "to make clear a telecommunications carrier's duty to cooperate in the interception of communications for law enforcement purposes, and for other purposes." The act states that a court order isn't the only lawful way of obtaining call information, saying, "A telecommunications carrier shall ensure that any interception of communications or access to call-identifying information effected within its switching premises can be activated only in accordance with a court order or other lawful authorization."[62]

The FISC was inspired by the recommendations of the Church Committee,[63] which investigated a wide range of intelligence and counter-intelligence incidents and programs, including some U.S. Army programs and the FBI program COINTELPRO.

In 1971, the US media reported that COINTELPRO targeted thousands of Americans during the 1960s, after several stolen FBI dossiers were passed to news agencies.[64] The Church Committee Senate final report, which investigated COINTELPRO declared that:

“

Too many people have been spied upon by too many Government agencies and too much information has been collected. The Government has often undertaken the secret surveillance of citizens on the basis of their political beliefs, even when those beliefs posed no threat of violence or illegal acts on behalf of a hostile foreign power. The Government, operating primarily through secret informants, but also using other intrusive techniques such as wiretaps, microphone "bugs," surreptitious mail opening, and break-ins, has swept in vast amounts of information about the personal lives, views, and associations of American citizens. Investigations of groups deemed potentially dangerous – and even of groups suspected of associating with potentially dangerous organizations – have continued for decades, despite the fact that those groups did not engage in unlawful activity.[65][66]

The legality of blanket wiretapping has never been sustained in court, but on July 10, 2008 the US Congress capitulated to the administration in granting blanket immunity to the administration and telecom industry for potentially illegal domestic surveillance.[67] The bill was passed during the crucible of the 2008 presidential campaign, and was supported by then-Sen. Barack Obama, D-Ill., who was campaigning against Sen. John McCain, R-Ariz., for the presidency.[67]

Obama provided qualified support for the bill. He promised to "carefully monitor" the program for abuse, but said that, "Given the legitimate threats we face, providing effective intelligence collection tools with appropriate safeguards is too important to delay. So I support the compromise."[67] It is difficult to argue that appropriate safeguards are in place, when CDRs from all the major telecommunications companies are provided to the NSA.

The Foreign Intelligence Surveillance Court has released an opinion, dated August 29, 2013, written by U.S. District Judge Claire Eagan of the Northern District of Oklahoma, in which she said “metadata that includes phone numbers, time and duration of calls is not protected by the Fourth Amendment, since the content of the calls is not accessed.”[68] In the option, Judge Eagan said “data collection is authorized under Section 215 of the Patriot Act that allows the FBI to issue orders to produce tangible things if there are reasonable grounds to believe the records are relevant to a terrorism investigation.”[68] The option authorized the FBI to “collect the information for probes of "unknown" as well as known terrorists.”[68] According to the New York Times, “other judges had routinely reauthorized the data collection program every 90 days.”[68]

^Cauley, Leslie (May 11, 2006). "NSA has massive database of Americans' phone calls". USA Today. Retrieved July 18, 2013. "The data are used for 'social network analysis,' the official said, meaning to study how terrorist networks contact each other and how they are tied together."

^In 1970, when stolen COINTELPRO documents were released to members of Congress, journalists, and organizations who were named in the files, the administration's response to the disclosures was to warn that any further disclosures "could endanger the lives or cause other serious harm to persons engaged in investigation activities on behalf of the United States." Stone, Geoffrey R., Perilous Times: Free Speech in Wartime from the Sedition Act of 1798 to the War on Terrorism, p. 495